Differential analysis of GOST encryption algorithm

  • Authors:

  • Ludmila Babenko;Evgeniya Ishchukova

  • Affiliations:

  • Southern Federal University, Taganrog, Russia;Federal University, Taganrog, Russia

  • Venue:
  • Proceedings of the 3rd international conference on Security of information and networks
  • Year:
  • 2010

Quantified Score

Hi-index 0.00

Visualization

Abstract

In this article we explore the resistance of the GOST 28147-89 algorithm (commonly referred to as GOST) to the attack based on differential cryptanalysis. GOST algorithm is used as a national standard in the Russian Federation. GOST uses variable substitution boxes. It is commonly believed that any values of S-boxes for 32-round GOST encryption algorithm provide sufficient degree of resisting against attacks based on techniques such as linear and differential cryptanalysis. As the result of our research, we have found out that there is a number of S-boxes with weak properties with respect to differential cryptanalysis. The use of such elements in GOST allows obtaining features that have a fairly high probability that can be used to carry out attacks. So, if we use the same weak block replacement, the probability characteristics for the 32 rounds of GOST can reach 2-25, which makes it relatively easy to get the right pair of texts for analysis. As the illustration of correctness of our assumptions, we have carried out an attack against 12 rounds of GOST algorithm, which allows us to obtain first round subkey within minutes.